The global erosion of privacy: when security becomes surveil…

How democracies and Big Tech are transforming privacy from a fundamental right to a luxury for the few.

In recent years, it seems that Western democracies are converging toward a common model: introducing mass surveillance systems and mandatory identification, justifying themselves with apparently noble objectives: the protection of minors, the fight against terrorism, national security. Yet, behind these legitimate motivations, lies a transformation of the relationship between citizen and State, where privacy is becoming a privilege of the past rather than a fundamental right.

From the repeated attempts to approve European Chat Control to British identity verifications, from the Swiss e-ID to Australian and Canadian laws, a disturbing pattern emerges: controversial legislations are approved with narrow margins or imposed from above, while citizens find themselves increasingly unable to navigate without leaving traces of their identity.

The European regulatory proposal known as “Chat Control” perhaps represents the most ambitious attempt to normalize mass surveillance in Western democracies. Officially presented as “Regulation to Prevent and Combat Child Sexual Abuse” in May 2022, the legislation aims to impose mandatory scanning of private communications to identify child pornographic material.

Service providers like WhatsApp, Signal, Telegram and other messaging services would have to implement automated content scanning systems, including conversations protected by end-to-end encryption. In practice, every message, file, photo or video sent would be analyzed by algorithms before reaching the recipient.

The proposal has faced a tortuous legislative path. After being blocked in December 2024 by a “blocking minority” of European governments, it returned forcefully to the agenda in July 2025 under the Danish presidency of the EU Council.

To allow content scanning, end-to-end encryption would have to be compromised through what technicians call “client-side scanning” – essentially, a backdoor installed directly on people’s devices. Signal has declared that the system would function as “malware installed on users’ devices”. As denounced in several parliamentary questions, this approach would undermine Article 7 of the EU Charter of Fundamental Rights, which guarantees respect for private life and communications.

Organizations for digital rights, such as the Electronic Frontier Foundation (EFF) and the Chaos Computer Club (CCC), have expressed warnings against client-side scanning, defining it as an “invasive” technology and inherently “susceptible to errors”. Moreover, automatic detection systems produce a high rate of false positives, putting innocent citizens at risk of false accusations.

The most disturbing aspect is represented by the exemptions provided for European politicians, who would enjoy special protections under the rules of “professional secrecy”.

Telegram has already threatened to exit the European market rather than compromise the encryption of its users. Signal has declared that it simply cannot implement backdoors while maintaining its security promises.

Currently, according to the Fight Chat Control portal, 12 member states support the proposal, 9 declare themselves opposed and 6 have not yet taken a position. The vote, initially scheduled for October 14, 2025, was postponed after the twenty-seven States did not reach an agreement on the Danish presidency’s proposal. The dossier now returns to technical tables and could be resubmitted or reformulated.

On July 25, 2025, the Online Safety Act came into force in the United Kingdom, legislation that imposes age verification to access adult content and potentially harmful materials, requiring the upload of identity documents, bank checks or facial scans. Officially designed to protect minors from inappropriate content, the act requires platforms and websites to verify that users are at least 18 years old through “robust” methods.

However, the definition of content subject to verification rapidly extended beyond adult sites initially targeted by the law. Discord and Reddit began requiring facial scans from British users. Even seemingly innocent services have been involved, creating a situation where browsing freely requires providing personal identifying data to countless private companies.

Verification methods include uploading photo identity documents, biometric facial scans, or the use of third-party age verification services. In all cases, a database is created that links the individual’s real identity to their online behaviors.

The reaction of British citizens was immediate. Proton VPN registered an increase in subscriptions exceeding 1,400% in the hours immediately following the law’s entry into force. Google searches for “VPN” in the United Kingdom skyrocketed by 2,450%. Other providers reported similar increases.

The government’s response was eloquent. Government officials declared they are “watching very carefully” the use of VPNs. Proposals emerged to extend age verification requirements to VPN services themselves.

The French precedent is emblematic. In June 2025, a similar law (SREN – Sécurité et Régulation de l’Espace Numérique) came into force in France, causing the temporary blocking of access to numerous adult sites that preferred to withdraw from the French market rather than implement invasive verification systems; after a precautionary suspension decided in mid-June by the Administrative Court of Paris, the Council of State annulled it, confirming the age verification obligation for the sites concerned.

Simultaneously, the British government announced the introduction of a mandatory digital identity system by the end of the legislature. The system, initially designed to combat illegal work, requires the use of smartphones and could gradually extend to other public services.

On September 28, 2025, Switzerland approved the federal law on electronic identity (e-ID): 50.4% favorable votes against 49.6% opposed, with a turnout of 49.55%. The result marks a turning point for a country traditionally attentive to privacy and individual freedoms.

The law creates an optional digital identification system managed entirely by the State, with which citizens will be able to authenticate themselves to authorities and private companies. Possible applications include requesting the digital driver’s license, age verification for purchases subject to restrictions, access to online public services, and identification to private platforms that choose to integrate with the system.

In 2021, Swiss citizens rejected a similar proposal with over 64% opposing votes, mainly due to concerns related to data management by private companies. The new model, completely state-run, was presented as a response to those concerns.

Opponents raised concerns that go beyond data protection. Those who do not own a smartphone or are not familiar with digital technology risk being progressively excluded from essential services. If electronic identity becomes the standard method to access public services, those who refuse or cannot adopt it become second-class citizens.

Australia became the first country in the world to completely ban access to social media (including YouTube) for minors under 16. The law, approved in November 2024 and in force since December 2025, will force platforms to implement age verification systems that could require identity documents or biometric scans for all users. The government plans to proceed with implementation, extending the requirements also to search engines.

In parallel, the Canadian government is debating legislation that would grant broad powers to law enforcement, including legal access to electronic communications. Bill C-2, called Strong Borders Act, is a bill presented in June 2025 that extensively reforms border security, immigration, organized crime repression and anti-money laundering, also introducing new investigative powers in the digital sphere. The proposal raises serious privacy concerns because it lowers the thresholds for obtaining information from online providers, allowing in various cases requests without judicial warrant based on simple “reasonable suspicion”. Faced with criticism, the government has signaled the intention to resubmit a revised text that removes some of the more controversial clauses.

While governments attack privacy through legislation, technology giants like Google are conducting a parallel war against users’ digital freedom.

On August 25, Google announced that from 2026 all Android developers will have to register and be verified by the company, even to distribute apps outside the Google Play Store.

Starting from September 2026, the new rules require developers to provide government identity documents, pay a registration fee and submit to Google’s terms and conditions. This creates a bottleneck controlled by Google for all software distribution on Android, even for apps that have never used Google services.

The official justification is always the same: security. The Mountain View company justifies such measures citing statistics according to which apps downloaded through alternative methods contain over 50 times more malware than those from the Play Store. However, the Play Store itself is not immune from malware and harmful apps, and systems like Play Protect have demonstrated limited effectiveness. In reality, the new policies seem like an attempt to suffocate alternative app stores like F-Droid, which allow Android users to install software without going through the ecosystem controlled by Google.

F-Droid, the main repository of open source applications for Android, has denounced that these new rules could mark the end of the project. The platform, active for 15 years and distributing over 3,000 free and tracker-free applications, cannot force its developers to register with the Mountain View company.

The timing of these changes is particularly suspicious, arriving immediately after the Epic Games vs Google ruling that forces the California company to allow alternative app stores within Android.

Examining these apparently separate initiatives, a disturbing pattern emerges. Whether it’s European Chat Control, the British Online Safety Act, the Swiss e-ID, Australian and Canadian proposals, or Google’s restrictions, all converge toward the same objective: making digital anonymity impossible.

The method is always similar. First, a real social problem is identified: protection of minors, fight against terrorism, prevention of cybercrime, national security. Then a technological solution is proposed that requires systematic identification. Finally, such surveillance is normalized by presenting it as the only reasonable method of addressing the original problem.

In this way, every online interaction becomes traceable and linkable to a real identity. Persecuted minorities, whistleblowers, journalists and political activists will no longer have a way to express themselves freely while keeping their identity safe.

An often overlooked aspect is how such measures progressively make it more costly and difficult to protect one’s privacy. In the past, maintaining a certain degree of online anonymity was the status quo – it didn’t require active effort. Today, preserving privacy requires technical knowledge, time, and often money.

Using a no-log VPN has a cost. Maintaining separate identities online requires careful management. Installing apps from F-Droid requires knowledge. Every new barrier raises the cost of resistance.

This creates a social stratification of privacy. Those who have resources – technical knowledge, time, money – can still protect their digital life, at least partially. But the ordinary citizen who doesn’t have these resources is progressively exposed. Privacy thus becomes a privilege, not a right.

The post The global erosion of privacy: when security becomes surveillance appeared first on Atlas21.

Generated by RSStT. The copyright belongs to the original author.

Source